Chapter 6





Integer Operators 


6.1 Euclidean Algorithm 

6.2 Chinese Remainder Theorem 
6.3 Polynomial Divisibility 

6.4 Prime and Composite Moduli 
6.5 Euler Phi-Function 

6.6 The Mobius Function 


This chapter presents several computational problems 
for which integer algorithms based on number-theoretic 
principles are markedly faster than primitive algorithms 
tied more closely to the definitions. 


2 Chapter 6 Integer Operators 





6.1 EUCLIDEAN ALGORITHM 


The Euclidean algorithm is a method for calculating 
the greatest common divisor of two integers. It is faster by 
far than the primitive method of successive trial divisors 
and methods based on factoring. 


REVIEW FROM §3.1 AND APPENDIX A2:

• Let n and d be integers. If ∃ q ∈ Z such that n = dq, then we say that d divides n, and we write d \ n.

• A prime number is a positive integer p > 1 such that p has no divisors except 1 and itself.

• Let m and n be integers whose greatest common divisor is 1. Then we say that m and n are relatively prime. Notation: $m \perp n$.

• The Fundamental Theorem of Arithmetic: every positive integer n has a unique representation as a product of powers of ascending primes.

$$n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}$$

(The number 1 is the empty product.)


Successive Trial-Divisors Algorithm 


A primitive algorithm for calculating gcd (m,n) considers trial divisors in ascending order. Algorithm 6.1.1 considers trial divisors in decreasing order, thereby terminating the first time it finds a common divisor, so it runs relatively faster than the ascending version whenever gcd (m,n) > 1. Worst-case time remains O(m).


Algorithm 6.1.1: Near-Primitive GCD Method


Input: non-negative integers m,n, not both 0
Output: gcd(m, n)


Function GCD1(m, n)
    if min{m, n} = 0 then return max{m, n};
    for d := min{m, n} to 1 step −1
        if d \ m and d \ n then return d;
    continue





The following minor modification of Algo 6.1.1 considers only the possible divisors $d = \lfloor m/k \rfloor$ for $k = 1, \ldots, \lfloor \sqrt{m} \rfloor$.

This decreases the worst-case time to $\lfloor \sqrt{m} \rfloor$.


Algorithm 6.1.2: Elementary GCD Method


Input: integers m,n, with 0 ≤ m ≤ n and 0 ≠ n
Output: gcd(m, n)


Function GCD2(m, n)
    if m = 0 then return n;
    for k := 1 to ⌊√m⌋
        d := ⌊m/k⌋;
        if d \ m and d \ n then return d;
    continue
Prime-Decomposition Method


A different method for calculating the greatest com- 
mon divisor of the numbers m and n, and their least com- 
mon multiple as well, is commonly taught in an early 
school grade. It starts with a factorization of m and n 
into primes. 
It then applies the rule

$$\gcd(m, n) = 2^{\min\{d_2,e_2\}} \cdot 3^{\min\{d_3,e_3\}} \cdot 5^{\min\{d_5,e_5\}} \cdots \qquad (6.1.1)$$
$$\operatorname{lcm}(m, n) = 2^{\max\{d_2,e_2\}} \cdot 3^{\max\{d_3,e_3\}} \cdot 5^{\max\{d_5,e_5\}} \cdots \qquad (6.1.2)$$


Example 6.1.1: Here are two prime-power factorizations.

$$720 = 2^4 \cdot 3^2 \cdot 5$$
$$168 = 2^3 \cdot 3 \cdot 7$$

We now apply the elementary school method.

$$\gcd(720, 168) = 2^{\min\{4,3\}} \cdot 3^{\min\{2,1\}} \cdot 5^{\min\{1,0\}} \cdot 7^{\min\{0,1\}} = 2^3 \cdot 3 = 24$$
$$\operatorname{lcm}(720, 168) = 2^{\max\{4,3\}} \cdot 3^{\max\{2,1\}} \cdot 5^{\max\{1,0\}} \cdot 7^{\max\{0,1\}} = 2^4 \cdot 3^2 \cdot 5 \cdot 7 = 5040$$


Section 6.1. Euclidean Algorithm 5 


When this method is taught at lower school levels, the 
presumption is that the user already knows the prime fac- 
torizations of the two numbers. If neither is known, it 
may take some effort to calculate the prime factors. The 
following example illustrates what happens when this is 
not the case. 


Example 6.1.2: Hand-calculator evaluation of 
gcd (6469901, 11503649) 


by prime power factorizations is daunting, because those 
factorizations are not immediately at hand, and they must 
be calculated to proceed with the easier step. This great- 
est common divisor is evaluated quickly by the Euclidean 
algorithm, as will be shown presently. 


Quotient and Mod Functions 


Some basic concepts from integer division are used in 
the Euclidean algorithm. 


DEF: The integer quotient of dividing an integer n > 0 
by an integer d > 0 is defined recursively (in effect, by 
repeated subtraction) 


$$\text{quotient}(n, d) = \begin{cases} 0 & \text{if } n < d \\ 1 + \text{quotient}(n-d,\, d) & \text{otherwise} \end{cases}$$

Remark: Equivalently, for n > 0 and d > 0,

$$\text{quotient}(n, d) = \left\lfloor \frac{n}{d} \right\rfloor$$

DEF: The remainder (or residue) of dividing an integer n ≥ 0 by an integer d > 0 is the number

$$n \bmod d = n - \text{quotient}(n, d) \cdot d$$


The associated binary operation is called the mod func- 
tion, as previously noted in §1.1. 


Example 6.1.1, cont.: For 720 as dividend and 168 as 
divisor, we have 


$$\text{quotient}(720, 168) = \left\lfloor \frac{720}{168} \right\rfloor = 4$$

and

$$720 \bmod 168 = 720 - 4 \cdot 168 = 720 - 672 = 48$$


Prop 6.1.1. The integer pairs {m, n} and {m, n+km} 
have the same set of common divisors, for every integer k. 


Proof: Let d be any common divisor of m and n, say m = rd and n = sd. Then

m + kn = rd + ksd = (r + ks)d

Thus, the number d divides m + kn. In the opposite direction, if m = rd and n + km = td, then

n = td − krd = (t − kr)d ♦


Corollary 6.1.2. For every pair of integers m and n such that 0 < m < n,

gcd(n, m) = gcd(m, n mod m)

Proof: Suppose that q = quotient (n, m). Then

gcd(n, m) = gcd(m, n − qm)     (by Prop 6.1.1)
          = gcd(m, n mod m) ♦


The strategy of the Euclidean algorithm is to apply 
Corollary 6.1.2 recursively. The following version captures 
this idea. 


Algorithm 6.1.3: Recursive Euclidean Algorithm 


Input: integers n, m ≥ 0, not both 0
Output: gcd (n, m)


Recursive Function gcd(n, m)
    If n = 0 then return m;
    If m = 0 then return n;
    else return gcd(m, n mod m)





Example 6.1.1, cont.: This easy calculation illustrates the method.

gcd (720, 168) = gcd (168, 48)
               = gcd (48, 24)
               = gcd (24, 0)
               = 24


Example 6.1.2, cont.: Here the calculations are mildly tedious, yet easier than trying to factor the two numbers.

gcd (11503649, 6469901) = gcd (6469901, 5033748)
                        = gcd (5033748, 1436153)
                        = gcd (1436153, 725289)
                        = gcd (725289, 710864)
                        = gcd (710864, 14425)
                        = gcd (14425, 4039)
                        = gcd (4039, 2308)
                        = gcd (2308, 1731)
                        = gcd (1731, 577)
                        = gcd (577, 0)
                        = 577


Prop 6.1.3. Given two numbers n and m, with n > m, let $f_r$ be the smallest Fibonacci number that exceeds n. Then the number of recursive calls in the Euclidean algorithm is at most r.


Proof: Suppose that there are s calls. Then let

$$n_0, n_1, \ldots, n_s$$

be the sequence of values of the first argument in the successive calls. Thus,

$$n_0 = n \quad\text{and}\quad n_s = \gcd(n, m)$$

We observe that $n_s \ge 1 > f_0$ and that $n_{s-1} \ge 2 > f_1$. It follows by induction, in general, that


eae: ok Ope: = Seta eye 


because 


epee: Ve Sa eee ea Te 


In particular, $n_0 > f_s$. Therefore, $s < r$. ♦


Remark: Intuitively, the number of recursive calls is at its largest, relative to the size of the numbers supplied as input, when the input supplied is two consecutive Fibonacci numbers, since then all the quotients are 1, each remainder is the next lower Fibonacci number, and the numbers passed in the recursion are reduced as little as possible at each step. Since the growth of the Fibonacci sequence is exponential, as we proved in §2.5, we conclude that in this computationally “worst case”, the number of recursive calls is proportional to the logarithm of the size of the input.


Extended Euclidean Algorithm 


Keeping track of the quotients and remainders at each 
division step of the Euclidean algorithm is useful in ex- 
tending its capability. In the Euclidean computation of 
gcd (n,m), define 


$$m_0 = m \quad\text{and}\quad n_0 = n \qquad (6.1.3)$$

and then, if after $j-1$ steps the recursion continues, define

$$q_{j-1} = \left\lfloor \frac{n_{j-1}}{m_{j-1}} \right\rfloor$$
$$n_j = m_{j-1} \qquad (6.1.4)$$
$$m_j = n_{j-1} - q_{j-1} m_{j-1} \qquad (6.1.5)$$

Numerous applications involve the following result.


Thm 6.1.4. For every pair of non-negative integers m 
and n, not both 0, there are numbers N and M such that 


gcd(n, m) = Nn+Mm 
Proof: Suppose that the recursion of the Euclidean algo stops at the k-th call, so that $m_k = 0$ and $n_k = \gcd(n, m)$. Then, if we define $N_k = 1$ and $M_k = 0$, we have

$$N_k n_k + M_k m_k = 1 \cdot n_k + 0 \cdot m_k = \gcd(n, m)$$

It follows from (6.1.4) and (6.1.5) that

$$\gcd(n, m) = N_k (m_{k-1}) + M_k (n_{k-1} - q_{k-1} m_{k-1})$$
$$= M_k n_{k-1} + (N_k - M_k q_{k-1}) m_{k-1}$$

Whenever $k \ge j > 0$, we inductively define (with decreasing j)

$$N_{j-1} = M_j$$
$$M_{j-1} = N_j - M_j q_{j-1}$$

and, thus,

$$\gcd(n, m) = N_j n_j + M_j m_j \quad\text{for } k \ge j \ge 0$$

In particular,

$$\gcd(n, m) = N_0 n_0 + M_0 m_0 = N_0 n + M_0 m \quad\text{by (6.1.3)}$$


DEF: The extended Euclidean algorithm includes the 
computation of N and M s.t. Nn+ Mm = gcd(n,m), 
as in Theorem 6.1.4. 


Example 6.1.1, cont.: When preparing to apply the 
extension of the Euclidean algorithm, the steps of the cal- 
culation of the greatest common divisor are arranged in 
tabular form. 


 j    n_j    m_j    q_j
 0    720    168    4
 1    168     48    3
 2     48     24    2
 3     24      0    STOP


To continue with the extension, start by regarding the next-to-bottom row as the current row. Let j be its row number, in this case row 2. In that next-to-bottom row, write

$$1 \cdot n_j + 0 \cdot m_j = 1 \cdot (n_{j-1} - q_{j-1} m_{j-1})$$

with appropriate values substituted for every subscripted variable. In this case, the substitution yields the equation

$$1 \cdot 24 + 0 \cdot 0 = 1 \cdot (168 - 3 \cdot 48)$$

which expresses the greatest common divisor as a linear combination of $n_j$ and $m_j$ on the left and in terms of $n_{j-1}$ and $m_{j-1}$ on the right, which is then simplified into a standard form of linear combination, in this case

$$1 \cdot 168 - 3 \cdot 48$$

In general, working upwards, for each row of a by-hand calculation, the substitution of $n_{j-1} - q_{j-1} m_{j-1}$ for $m_j$ uses values from the preceding row. There is an implicit substitution of the value of $m_{j-1}$ for the value of $n_j$, but since $m_{j-1} = n_j$, this does not require work. Continue upward until row 0 is reached, at which point the greatest common divisor is expressed as a linear combination of $n_0$ and $m_0$, thereby completing the objective of the extended algorithm.


 n_j    m_j    q_j
 720    168    4      (−3)·720 + 13·168
 168     48    3      1·168 − 3·48 = 1·168 − 3·(720 − 4·168)
  48     24    2      1·24 + 0·0 = 1·(168 − 3·48)
  24      0


In this case, we see that
(−3)·720 + 13·168 = gcd(720, 168) = 24
Thus, N = −3 and M = 13.
Corollary 6.1.5. For every pair of non-negative integers
m and n, not both 0, if N and M are numbers such that 


gcd(n, m) = Nn+Mm 


then Nn+Mm is the smallest positively valued combina- 
tion Nn+ Mm with integer multipliers N and M. 


Proof: By Theorem 6.1.4, gcd (n, m) equals some combination Nn + Mm. Since Nn + Mm is the smallest combination of n and m, it follows that

Nn + Mm ≤ gcd(n, m)

Since gcd(m,n) \ n and gcd(m,n) \ m, it follows that for every choice of integers N and M, we have

gcd(m, n) \ Nn + Mm

In particular,

gcd(m, n) \ Nn + Mm

It follows that gcd (m,n) ≤ Nn + Mm. ♦
The GCD of Two Fibonacci Numbers


We conclude this section by combining what we know about Fibonacci numbers with what we know about greatest common divisors to produce the fascinating result that $\gcd(f_n, f_m) = f_{\gcd(n,m)}$. Some review and preliminary propositions are helpful.


REVIEW FROM §2.6:


• Thm 2.6.1 [Forward-Shift Identity]. The Fibonacci numbers satisfy the equation

$$f_{n+k} = f_k f_{n+1} + f_{k-1} f_n \quad\text{for all } k \ge 1$$

• Cor 2.6.2. For all k > 0, the Fibonacci number $f_{kn}$ is a multiple of the Fibonacci number $f_n$.


Prop 6.1.6. Let m, n, and r be integers such that $r \perp m$. Then

gcd(rn, m) = gcd(n, m)


Proof: Since any divisor of both m and n is also a divisor of m and rn, it follows that gcd(n,m) ≤ gcd(rn,m). Now suppose that Nn + Mm = gcd(n,m) and that Cr + Dm = 1. It follows that NCr + NDm = N and, thus, that

gcd (n,m) = (NCr + NDm)n + Mm
          = NCrn + NDmn + Mm
          = (NC)rn + (NDn + M)m

Since gcd (rn, m) is the smallest combination of rn and m, it follows that

gcd(rn,m) ≤ gcd (n,m) ♦


Proposition 6.1.7. For n > 1, $\gcd(f_n, f_{n-1}) = 1$.


Proof: Calculation of $\gcd(f_n, f_{n-1})$ by the Euclidean algorithm terminates with a value of 1. ♦


Cor 6.1.8. For n > 1 and $k \perp n$, $\gcd(f_{kn+1}, f_n) = 1$.
Proof: By Corollary 2.6.2, $f_n$ divides $f_{kn}$. Therefore,


exere| (im Te) = gcd Fieiss To) (Prop 6.1.6) 
= 1 (Prop 6.1.7) © 


And now for the punch line. 
Thm 6.1.9. For n > 0 and m > 1,

$$\gcd(f_n, f_m) = f_{\gcd(n,m)}$$

Proof: Suppose that n = qm + r, where 0 ≤ r < m. Then

$$\gcd(f_n, f_m) = \gcd(f_{qm+r}, f_m)$$
$$= \gcd(f_{qm+1} f_r + f_{qm} f_{r-1},\ f_m) \quad\text{(Thm 2.6.1)}$$
$$= \gcd(f_{qm+1} f_r,\ f_m) \quad\text{(Cor 2.6.2 and Prop 6.1.1)}$$
$$= \gcd(f_r, f_m) \quad\text{(Cor 6.1.8 and Prop 6.1.6)}$$ ♦
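
An added example, not part of the original text: the Python code below runs Algorithm 6.1.1 and the Euclidean algorithm side by side with step counters, checks the Fibonacci bound of Prop 6.1.3, and tests Thm 6.1.9 on small indices. The function names and the loop form of Algorithm 6.1.3 are choices made for this example.

```python
def _check(m, n):
    if m < 0 or n < 0 or (m == 0 and n == 0):
        raise ValueError("inputs must be non-negative and not both 0")


def gcd_trial(m, n):
    """Algorithm 6.1.1: trial divisors in decreasing order. Returns (gcd, trials)."""
    _check(m, n)
    if min(m, n) == 0:
        return max(m, n), 0
    trials = 0
    for d in range(min(m, n), 0, -1):
        trials += 1
        if m % d == 0 and n % d == 0:
            return d, trials


def gcd_euclid(n, m):
    """Algorithm 6.1.3 written as a loop. Returns (gcd, number of reduction steps)."""
    _check(m, n)
    calls = 0
    while m != 0:
        n, m = m, n % m          # Corollary 6.1.2: gcd(n, m) = gcd(m, n mod m)
        calls += 1
    return n, calls


def fib(k):
    """Fibonacci numbers with f_0 = 0 and f_1 = 1."""
    a, b = 0, 1
    for _ in range(k):
        a, b = b, a + b
    return a


def fib_bound(n):
    """Index r of the smallest Fibonacci number that exceeds n (Prop 6.1.3)."""
    r = 0
    while fib(r) <= n:
        r += 1
    return r


def compare(n, m):
    """Return (gcd, trial divisions, Euclidean steps, Fibonacci bound r) for n > m."""
    g_trial, trials = gcd_trial(m, n)
    g_euclid, calls = gcd_euclid(n, m)
    if g_trial != g_euclid:
        raise AssertionError("the two methods disagree")
    return g_euclid, trials, calls, fib_bound(n)


def fibonacci_gcd_holds(limit):
    """Check gcd(f_n, f_m) == f_gcd(n, m) for 1 <= n, m <= limit (Thm 6.1.9)."""
    return all(
        gcd_euclid(fib(n), fib(m))[0] == fib(gcd_euclid(n, m)[0])
        for n in range(1, limit + 1)
        for m in range(1, limit + 1)
    )


if __name__ == "__main__":
    print(compare(720, 168))                  # Example 6.1.1
    print(gcd_euclid(11503649, 6469901))      # Example 6.1.2
    # Consecutive Fibonacci numbers: every quotient is 1, the slowest case.
    for k in (10, 20, 40, 80):
        print(k, gcd_euclid(fib(k + 1), fib(k)))
    print(fibonacci_gcd_holds(30))
```

The step count for consecutive Fibonacci inputs grows linearly in the index k while the inputs themselves grow exponentially, which is the logarithmic worst case described in the Remark after Prop 6.1.3.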
6.2 CHINESE REMAINDER THM


The extended Euclidean algorithm has many applications, including the solution of a system of linear congruences. The existence of solutions to certain systems is ensured by the Chinese remainder theorem.


Congruence Modulo m 


DEF: A congruence modulo m is a relational statement of the form

a ≡ b (modulo m)

It means that m \ (b − a). (We sometimes omit parens.)


Example 6.2.1:
17 ≡ 2 (modulo 5) and −8 ≡ 2 (modulo 5)


The relation called congruence modulo m and the op- 
erator called mod have a similarity in their names. Their 
mathematical connection is as follows. 


Proposition 6.2.1. Let a and b be any integers and m a positive integer. Then

a ≡ b (modulo m)

if and only if

a mod m = b mod m

Proof: Suppose that a = qm + r and b = q′m + r′ with 0 ≤ r, r′ < m, so that a mod m = r and b mod m = r′. We observe that the assertion a ≡ b (modulo m) simply means m \ (b − a), which is equivalent to the relation

m \ (q′m + r′) − (qm + r)

which is equivalent, in turn, to the relation

m \ (r′ − r)

Since |r′ − r| < m, this holds if and only if r′ = r, and, accordingly, if and only if a mod m = b mod m. ♦


Linear Congruence Modulo m 


Like a system of linear equations, a system of linear 
congruences may possibly have a solution. 


DEF: For integers a, b, and m > 0, a linear congruence is a relation of the form

ax ≡ b (modulo m)


DEF: For positive moduli $m_1, m_2, \ldots, m_k$, a system of linear congruences is a list

$$a_1 x \equiv b_1 \ (\text{modulo } m_1)$$
$$a_2 x \equiv b_2 \ (\text{modulo } m_2)$$
$$\vdots$$
$$a_k x \equiv b_k \ (\text{modulo } m_k)$$

A solution to the system of congruences is an integer x that satisfies all of them.

Example 6.2.2: Consider the system of congruences

x ≡ 2 (modulo 3)
x ≡ 3 (modulo 5)
x ≡ 1 (modulo 7)

We observe that x = 8 is a solution.


A Lemma on Relatively Prime Numbers 


The Chinese remainder theorem yields a sufficient 
condition for a system of linear congruences to have an es- 
sentially unique solution. Moreover, there is a systematic 
way to find solutions. The following proposition serves as 
a lemma in the proof of the Chinese remainder theorem. 


Prop 6.2.2. Let m and n be relatively prime, and let Q be an integer such that m \ Q and n \ Q. Then mn \ Q.


Proof: Suppose that Q = mr and Q = ns. Since $m \perp n$, there are integers N and M such that Nn + Mm = 1, by Theorem 6.1.4. Thus,

Q = QNn + QMm
  = mrNn + nsMm
  = mn(rN + sM) ♦


Remark: An alternative proof of Proposition 6.2.2 re- 
quires prior proof of the uniqueness of the factorization 
into prime powers, which is a substantially longer proof 
than the proof above. 
Encoding by Residues


Some aspects of number theory are quite ancient. What is now described dates back to the Chinese mathematician Sun Tsŭ in the 4th century C.E.


DEF: A set of positive integers $\{m_1, \ldots, m_k\}$ is a system of independent moduli if $m_i \perp m_j$ whenever $i \ne j$.


DEF: The tuple of residues of an integer n with respect to a system $\{m_1, \ldots, m_k\}$ of independent moduli is the k-tuple

$$(n \bmod m_1, \ldots, n \bmod m_k)$$


The following table shows the tuple of residues of the num- 
bers 0 to 20 with respect to the mutually independent 
moduli 3, 4, and 5. 
Table 6.2.1. Residues modulo 3, 4, and 5.


n  n mod 3  n mod 4  n mod 5
0 0 0 0 
1 1 1 1 
2 2 2 2 
3 0 3 3 
4 1 0 4 
5 2 1 0 
6 0 2 1 
7 1 3 2 
8 2 0 3 
9 0 1 4 
10 1 2 0 
11 2 3 1 
12 0 0 2 
13 1 1 3 
14 2 2 4 
15 0 3 0 
16 1 0 1 
17 2 1 2 
18 0 2 3 
19 1 3 4 
20 2 0 0 


No two of the rows have the same list of residues, and there would be no repetition of rows until after the 60th row. This observation was generalized by Sun Tsŭ, as now indicated.


Section 6.2 Chinese Remainder Thm 21 


Theorem 6.2.3 [Chinese Remainder Theorem]. Let $\{m_1, \ldots, m_k\}$ be a system of independent moduli, with $M = m_1 m_2 \cdots m_k$. Then the mapping

$$n \mapsto (n \bmod m_1, \ldots, n \bmod m_k)$$

from the integer interval [0 : M − 1] to the set of possible tuples of residues with respect to $\{m_1, \ldots, m_k\}$ is a one-to-one and onto mapping.


Proof: Since the domain [0 : M − 1] and the codomain of tuples of residues with respect to $\{m_1, \ldots, m_k\}$ have the same cardinality M, it is sufficient, by the pigeonhole principle (see §0.3), to prove that no two numbers in [0 : M − 1] have the same set of residues.


Suppose, to the contrary, that 0 ≤ b < c < M and that

$$c \bmod m_j = b \bmod m_j \quad\text{for } j = 1, \ldots, k$$

Then

$$m_j \setminus (c - b) \quad\text{for } j = 1, \ldots, k$$

Accordingly, iterative application of Prop 6.2.2 would imply that

$$m_1 m_2 \cdots m_j \setminus (c - b) \quad\text{for } j = 1, \ldots, k$$

It would follow that M \ (c − b), since $M = m_1 m_2 \cdots m_k$. But then c − b ≥ M, which contradicts the prior supposition that 0 ≤ b < c < M. ♦
Arithmetic on Residue Tuples


Much of the value of encoding numbers by residues is that arithmetic operations on the residues produce the residues of the result of the operations directly on the numbers.


DEF: The sum of two k-tuples of residues with respect to a list of moduli $\{m_1, \ldots, m_k\}$ is the k-tuple whose j-th coordinate is the sum of the two j-th coordinates modulo $m_j$.


Example 6.2.3:

         n   n mod 3   n mod 4   n mod 5
         2      2         2         2
   +     8      2         0         3
   =    10      1         2         0


DEF: The product of two k-tuples of residues with respect to a list of moduli $\{m_1, \ldots, m_k\}$ is the k-tuple whose j-th coordinate is the product of the two j-th coordinates modulo $m_j$.

Example 6.2.4:

         n   n mod 3   n mod 4   n mod 5
         2      2         2         2
   ×     8      2         0         3
   =    16      1         0         1


Encoding by residues respects arithmetic. That is, the sum of the tuples for numbers r and s is the tuple of the sum r + s, and the product of the tuples for numbers r and s is the tuple of the product rs.


Remark: The arithmetic-preservation property enables 
us to add and multiply small residues instead of large 
numbers. If there is a large amount of arithmetic, then 
the cost of encoding and subsequently decoding the result 
of the computations may be amortized. 


Residue Decoding 


The following theorem provides a method by which, 
knowing only the residues of a number, one could recover 
the number itself. 


Theorem 6.2.4 [Chinese Remainder Decoding]. Let $m_1$ and $m_2$ be positive integers and let $Q_1$ and $Q_2$ be integers such that

$$Q_1 m_1 + Q_2 m_2 = 1$$

Let n be an integer such that $0 \le n < m_1 m_2$, and such that

$$(n \bmod m_1,\ n \bmod m_2) = (r_1, r_2)$$

Then

$$r_1 Q_2 m_2 + r_2 Q_1 m_1 = n$$

Proof: Since $Q_1 m_1 + Q_2 m_2 = 1$, it follows that

$$m_2 \setminus (Q_1 m_1 - 1) \quad\text{and}\quad m_1 \setminus (Q_2 m_2 - 1)$$

and, in turn, that

$$Q_1 m_1 \bmod m_2 = 1 \quad\text{and}\quad Q_2 m_2 \bmod m_1 = 1$$

Accordingly,

$$r_1 Q_2 m_2 \bmod m_1 = r_1 \quad\text{and}$$
$$(r_1 Q_2 m_2 + r_2 Q_1 m_1) \bmod m_1 = r_1 \qquad (6.2.1)$$

Similarly,

$$r_2 Q_1 m_1 \bmod m_2 = r_2 \quad\text{and}$$
$$(r_1 Q_2 m_2 + r_2 Q_1 m_1) \bmod m_2 = r_2 \qquad (6.2.2)$$

By the Chinese Remainder Theorem, there is only one number in the integer interval $[0 : m_1 m_2 - 1]$ whose residues modulo $m_1$ and modulo $m_2$ are $r_1$ and $r_2$, respectively. Thus,

$$r_1 Q_2 m_2 + r_2 Q_1 m_1 = n$$ ♦


In combination with the extended Euclidean algorithm, 
Theorem 6.2.4 is used to decode any tuple of moduli. It 
is simplest for a 2-tuple, as now illustrated. 


Example 6.2.5: Clearly, 8 ↦ (2 mod 3, 3 mod 5). Either by simple observation or by an application of the extended Euclidean algorithm, we have

$$(-3) \cdot 3 + 2 \cdot 5 = 1 = Q_1 m_1 + Q_2 m_2$$

Chinese Remainder Decoding now recovers the encoded number 8.

$$r_1 Q_2 m_2 + r_2 Q_1 m_1 = 2 \cdot 2 \cdot 5 + 3 \cdot (-3) \cdot 3 = 20 - 27 = -7 \equiv 8 \ (\text{modulo } 15)$$

Example 6.2.6: Decoding of the 2-tuple

(4 mod 8, 2 mod 9)

begins with determination of $Q_1$ and $Q_2$, easily in this case,

$$(-1) \cdot 8 + 1 \cdot 9 = 1 = Q_1 m_1 + Q_2 m_2$$

and finishes with the calculation

$$r_1 Q_2 m_2 + r_2 Q_1 m_1 = 4 \cdot 1 \cdot 9 + 2 \cdot (-1) \cdot 8 = 36 - 16 = 20$$

Checking that 20 ↦ (4 mod 8, 2 mod 9) confirms this decoding.


Decoding 3-Tuples and Larger Tuples 


Decoding a k-tuple of residues with k ≥ 3 involves iterative application of the following principle.


Proposition 6.2.5. Suppose that $m_1$, $m_2$, and $m_3$ are mutually relatively prime. Then $m_1 m_2 \perp m_3$.


Proof: If neither of the numbers $m_1$ nor $m_2$ has a prime divisor that occurs in the prime factorization of $m_3$, then $m_1 m_2$ has no prime divisor that occurs in the prime factorization of $m_3$, since the set of prime divisors of $m_1 m_2$ is the union of the set of prime divisors of $m_1$ and $m_2$. ♦




Example 6.2.7: Decoding of the 3-tuple
(4 mod 8, 2 mod 9, 3 mod 5)
begins with the calculation of Example 6.2.6 that
20 ↦ (4 mod 8, 2 mod 9)


Any number n such that n = 20 mod 72 satisfies both of 
the conditions n = 4 mod 8 and n = 3 mod 5. Subsequent 
decoding of the 2-tuple 


(20 mod 72, 3 mod 5) 
begins with finding multipliers $Q_1$ and $Q_2$ such that

$$Q_1 \cdot 72 + Q_2 \cdot 5 = 1$$

Either by “guessing” or by the extended Euclidean algorithm, we have

$$(-2) \cdot 72 + 29 \cdot 5 = 1$$

The calculation concludes with

$$r_1 Q_2 m_2 + r_2 Q_1 m_1 = 20 \cdot 29 \cdot 5 + 3 \cdot (-2) \cdot 72 = 2900 - 432 = 2468 \equiv 308 \ (\text{modulo } 360)$$

Checking that
308 ↦ (4 mod 8, 2 mod 9, 3 mod 5)
confirms this decoding.
6.3 POLYNOMIAL DIVISIBILITY


This section demonstrates how some of the integer 
operations of present interest are extendible to operations 
on polynomials. In particular, a pair of polynomials may 
have a greatest common divisor, there is a Euclidean algo- 
rithm for polynomials, and there are prime polynomials. 


NOTATION: The degree of a polynomial g(x) is denoted $\partial g(x)$.


DEF: A monic polynomial is a polynomial whose coefficient on the term of largest degree is 1.


Example 6.3.1: $x^4 + 5x^3 - 4x^2 + 7x + 14$ is a monic polynomial.


The Polynomial Ring over the Integers


NOTATION: The set of polynomials of finite degree in one indeterminate x, with integer coefficients, is denoted Z[x].


TERMINOLOGY: In view of its algebraic properties, Z[x] is called a polynomial ring (see Appendix A2).
Divisibility and Mod for Polynomials


Division of polynomials is a generalization of long division, with a quotient and a remainder. In effect, we subtract multiples of the divisor from the dividend, until what is left is of lower degree than the divisor.


DEF: The quotient of dividing a polynomial

$$g(x) = g_r x^r + g_{r-1} x^{r-1} + \cdots + g_0$$

of degree r by a polynomial of degree s

$$h(x) = h_s x^s + h_{s-1} x^{s-1} + \cdots + h_0$$

is defined recursively (using repeated subtraction):

If r < s then quotient (g(x), h(x)) = 0, and, otherwise,

$$\text{quotient}(g(x), h(x)) = \frac{g_r}{h_s} x^{r-s} + \text{quotient}\!\left(g(x) - \frac{g_r}{h_s} x^{r-s} h(x),\ h(x)\right)$$


DEF: The remainder of division of a polynomial

$$g(x) = g_r x^r + g_{r-1} x^{r-1} + \cdots + g_0$$

by a non-zero polynomial

$$h(x) = h_s x^s + h_{s-1} x^{s-1} + \cdots + h_0$$

is the polynomial

$$g(x) \bmod h(x) = g(x) - \text{quotient}(g(x), h(x))\, h(x)$$

DEF: The non-zero polynomial h(x) divides the polynomial g(x) if there is a polynomial f(x) such that

g(x) = h(x) f(x)

This relation is denoted h(x) \ g(x).


Clearly, the polynomial h(x) divides the polynomial g(x) if and only if

g(x) mod h(x) = 0


Example 6.3.2: The polynomials $x^3 - x^2 + 1$ and $x^3 - 2$ both divide the polynomial $x^6 - x^5 - x^3 + 2x^2 - 2$, since

$$(x^3 - x^2 + 1)(x^3 - 2) = x^6 - x^5 - x^3 + 2x^2 - 2$$


Common Divisors of Polynomials 


DEF: A common divisor of two or more polynomials is 
a polynomial that divides both or all of them. 


The following proposition is analogous to Prop 6.1.1. 

Prop 6.3.1. Let a(x), b(x), and c(x) be polynomials in the polynomial ring Z[x]. Then the polynomial pairs {a(x), b(x)} and {a(x), b(x) + a(x)c(x)} have the exact same set of common divisors.


Proof: Let h(x) be any common divisor of a(x) and b(x), say a(x) = u(x)h(x) and b(x) = v(x)h(x). Then

a(x) + c(x)b(x) = u(x)h(x) + c(x)v(x)h(x)
                = (u(x) + c(x)v(x))h(x)

Conversely, if a(x) = u(x)h(x) and b(x) + a(x)c(x) = v(x)h(x), then

biz) = v 


| 
e 


DEF: A greatest common divisor of two polynomials

$$a(x) = a_r x^r + a_{r-1} x^{r-1} + \cdots + a_0 \quad\text{and}$$
$$b(x) = b_s x^s + b_{s-1} x^{s-1} + \cdots + b_0$$

is a common divisor polynomial g(x) of highest degree.


NOTATION: The notation gcd (g(x), h(x)) often refers to the monic greatest common divisor of g(x) and h(x).


Example 6.3.3: The polynomial $x^3 - x^2 + 1$ is a greatest common divisor of the polynomials $x^6 - x^5 - x^3 + 2x^2 - 2$ and $x^4 - x^2 + x + 1$. The polynomial $x^3 - x^2 + 1$ is monic, and we write

$$\gcd(x^6 - x^5 - x^3 + 2x^2 - 2,\ x^4 - x^2 + x + 1) = x^3 - x^2 + 1$$
Euclidean Algorithm for Polynomials


Thm 6.3.2 [Euclidean Reduction for Polyns]. Let g(x) and h(x) be polyns such that $0 < \partial h(x) < \partial g(x)$. Then

gcd (h(x), g(x)) = gcd (h(x), g(x) mod h(x))

Proof: Suppose that q(x) = quotient (g(x), h(x)). Then

gcd (h(x), g(x)) = gcd (h(x), g(x) − q(x)h(x))     (Prop 6.3.1)
                 = gcd (h(x), g(x) mod h(x)) ♦


DEF: The Euclidean algorithm for polynomials is to iterate Euclidean reduction until a residue of zero is achieved.


Example 6.3.4: The process is directly analogous to the integer version.

$$\gcd(x^5 - 1,\ x^3 - 3x^2 + 3x - 1)$$
$$= \gcd(x^3 - 3x^2 + 3x - 1,\ 10x^2 - 15x + 5)$$
$$= \gcd\!\left(10x^2 - 15x + 5,\ \tfrac{1}{4}x - \tfrac{1}{4}\right)$$
$$= \gcd\!\left(\tfrac{1}{4}x - \tfrac{1}{4},\ 0\right)$$
$$= x - 1$$


Remark: There is also an extended Euclidean algorithm 
for polynomials. 




Prime Polynomials 


DEF: A monic polynomial g(x) ≠ 1 is a prime polynomial if it has no monic divisors of positive degree except for itself.


Example 6.3.5: Any linear polynomial x + k is prime.


Example 6.3.6: A quadratic polynomial $x^2 + bx + c$ is prime over the integers, unless it has two integers (perhaps both the same) as its roots. For instance, $x^2 - 2$ is prime. More generally, by the quadratic equation, it follows that for the roots to be integers, it is a necessary condition that $b^2 - 4c$ must be the square of an integer.
6.4 PRIME & COMPOSITE MODULI


When evaluating a congruence, first expanding the 
moduland and then dividing by the modulus is slow. Num- 
ber theory and algebra can make it faster. 


FROM APPENDIX A2:


• The domain of the ring of integers modulo n, denoted $Z_n$, is the set of numbers

{0, 1, ..., n − 1}

• The binary operations of addition modulo n (+) and multiplication modulo n (·) in the ring $Z_n$ are given by the rules

b (modulo n) + c (modulo n) = b + c (modulo n)

b (modulo n) · c (modulo n) = b · c (modulo n)

In other words, if adding or multiplying two numbers as usual for integers happens to exceed n − 1, then divide by n and use the remainder as the result.


• The number 0 is the additive identity of $Z_n$.
• The number 1 is the multiplicative identity of $Z_n$.
• The number k has n − k as its additive inverse in $Z_n$.


• Some numbers have multiplicative inverses in $Z_n$. For instance, 13 is the inverse of 7 in $Z_{90}$, since

13 · 7 = 91 ≡ 1 (modulo 90)
Existence of Inverses Modulo m


The general objective here is to find solutions to congruences of the form

mx ≡ 1 (modulo n)

for arbitrary positive integers m and n.


Proposition 6.4.1. Let m and n be positive integers. Then m (modulo n) has a multiplicative inverse if and only if $m \perp n$.


Proof: First, suppose that $m \perp n$. By the extended Euclidean algorithm, there are integers N and M such that

Nn + Mm = 1

Thus,

Mm ≡ 1 (modulo n)

which implies that M mod n is a multiplicative inverse of m mod n in $Z_n$.


Conversely, if Mm ≡ 1 (modulo n), then

n \ (Mm − 1)

Thus, there is an integer N such that Nn = Mm − 1, which implies that

Mm − Nn = 1

from which it follows that $m \perp n$. ♦
Corollary 6.4.2. Let p be a prime number. Then all the numbers 1, ..., p − 1 have inverses in $Z_p$.

Proof: Since p is prime, all the numbers 1, ..., p − 1 are relatively prime to p. ♦


Remark: When p is prime, $Z_p$ is a field. See App A2.


The following three examples all illustrate the conclusion of Proposition 6.4.1.


Example 6.4.1: In the ring $Z_6$, the numbers 1 and 5 (both relatively prime to 6) are their own inverses, but the numbers 2, 3, and 4 have no multiplicative inverses.


Example 6.4.2: In the ring $Z_7$, the numbers 1, ..., 6 (all relatively prime to 7) all have multiplicative inverses, in accord with Corollary 6.4.2, respectively, 1, 4, 5, 2, 3, 6.


Example 6.4.3: In the ring $Z_8$, the numbers 1, 3, 5, 7 (all relatively prime to 8) are their own inverses, but 2, 4, 6 (not relatively prime to 8) have no multiplicative inverses.


Calculating Inverses Modulo n 


The proof of Prop 6.4.1 provides a method for calculating the inverse modulo n of a number m such that $m \perp n$.


Step 1. Find integers N and M such that Nn + Mm = 1, for instance, by the extended Euclidean algo.


Step 2. Then take M mod n as the multiplicative inverse of m (modulo n).

Example 6.4.4: Since $16 \perp 21$, the number 16 must have a mult inverse modulo 21. Either by inspection or by the extended Euclidean algo, it can be determined that

4 · 16 − 3 · 21 = 1

Thus, the multiplicative inverse of 16 (modulo 21) is 4.
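
An added example, not part of the original text, serving both the Chinese Remainder Decoding of §6.2 and the two-step inverse calculation above: the Python code below implements the extended Euclidean algorithm with the back-substitution of Theorem 6.1.4, then builds modular inversion and k-tuple residue decoding on top of it. Function names are choices made for this example, and the decoded value is reduced modulo $m_1 m_2$ as in Example 6.2.5.

```python
def extended_gcd(n, m):
    """Return (g, N, M) with g = gcd(n, m) = N*n + M*m (Theorem 6.1.4)."""
    if n < 0 or m < 0 or (n == 0 and m == 0):
        raise ValueError("inputs must be non-negative and not both 0")
    # Forward pass: Euclidean steps, recording the quotients q_0, q_1, ...
    quotients = []
    while m != 0:
        q, r = divmod(n, m)
        quotients.append(q)
        n, m = m, r                  # n_j = m_{j-1}, m_j = n_{j-1} - q_{j-1} m_{j-1}
    # Bottom row k: gcd = 1*n_k + 0*m_k, so N_k = 1 and M_k = 0.
    N, M = 1, 0
    # Backward pass: N_{j-1} = M_j and M_{j-1} = N_j - M_j * q_{j-1}.
    for q in reversed(quotients):
        N, M = M, N - M * q
    return n, N, M


def mod_inverse(m, n):
    """Inverse of m modulo n in the range 1..n-1 (Steps 1 and 2 above)."""
    if n <= 1:
        raise ValueError("modulus must exceed 1")
    g, _, M = extended_gcd(n, m % n)         # N*n + M*m = g
    if g != 1:
        # Proposition 6.4.1: no inverse unless m and n are relatively prime.
        raise ValueError(f"{m} has no inverse modulo {n} (gcd is {g})")
    return M % n


def crt_pair(r1, m1, r2, m2):
    """Theorem 6.2.4: decode (r1 mod m1, r2 mod m2) into [0, m1*m2 - 1]."""
    g, Q1, Q2 = extended_gcd(m1, m2)         # Q1*m1 + Q2*m2 = g
    if g != 1:
        raise ValueError(f"moduli {m1} and {m2} are not relatively prime")
    return (r1 * Q2 * m2 + r2 * Q1 * m1) % (m1 * m2)


def crt_decode(residues, moduli):
    """Decode a k-tuple by folding pairs; m1*m2 stays coprime to m3 (Prop 6.2.5)."""
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    n, modulus = residues[0] % moduli[0], moduli[0]
    for r, m in zip(residues[1:], moduli[1:]):
        n = crt_pair(n, modulus, r, m)
        modulus *= m
    return n


if __name__ == "__main__":
    print(extended_gcd(720, 168))              # Example 6.1.1: N = -3, M = 13
    print(mod_inverse(16, 21))                 # Example 6.4.4
    print(crt_decode([4, 2, 3], [8, 9, 5]))    # Example 6.2.7
    # Round trip over Table 6.2.1 and beyond: every n in [0, 59] is recovered.
    print(all(crt_decode([n % 3, n % 4, n % 5], [3, 4, 5]) == n for n in range(60)))
    try:
        mod_inverse(2, 6)                      # Example 6.4.1: 2 has no inverse in Z_6
    except ValueError as err:
        print(err)
```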


Uniqueness of Inverse Modulo m 


TERMINOLOGY: In Example 6.4.4, the number 4 is de- 
scribed as the inverse of 16 modulo 21, rather than an 
inverse. In fact, the number 25 is another multiplicative 
inverse of 16 modulo 21, since 


20 2 Oe Zs ad 


However, it is proved below that a number n has at most 
one inverse modulo m in the range 


1, ..., m − 1
The definite article the is often applied to such an inverse. 


Lemma 6.4.3. Let n be an integer and m an integer that is relatively prime to n. Then the numbers

m, 2m, ..., (n − 1)m

are mutually non-congruent modulo n, i.e., a permutation of the numbers

1, 2, ..., n − 1

Proof: Proposition 6.4.1 implies that m has a multiplicative inverse modulo n, that is, a number M such that

Mm = 1 + Nn

for some number N. Consider two numbers r and s such that 1 ≤ r, s ≤ n − 1. Suppose that

rm ≡ sm (modulo n)

Then rmM ≡ smM (modulo n). It follows that

r(1 + Nn) ≡ s(1 + Nn) (modulo n)

and, in turn, that

r ≡ s (modulo n) ♦


Cor 6.4.4. Let m and n be relatively prime positive integers. Then there is exactly one inverse M of m (modulo n) such that 1 ≤ M < n. ♦


Example 6.4.5: Consider the prime p = 7 and the number m = 4. Then the sequence

⟨km mod p | k = 1, ..., p − 1⟩

is exactly the sequence

1·4 = 4,  2·4 = 8,  3·4 = 12,
4·4 = 16, 5·4 = 20, 6·4 = 24

which reduces, modulo 7, to the sequence

1·4 ≡ 4 (modulo n), 2·4 ≡ 1 (modulo n), 3·4 ≡ 5 (modulo n),
4·4 ≡ 2 (modulo n), 5·4 ≡ 6 (modulo n), 6·4 ≡ 3 (modulo n)


Thus, the number 2 is the unique inverse of 4 (modulo 7) in the range 1, ..., 6.
Fermat's Theorem


We now turn to the problem of modular exponentiation, that is, of evaluating an expression involving an exponential modulo a number, such as

$$3124^{214} \ (\text{modulo } 20)$$

This is less tedious than it at first appears, since there is no need to evaluate $3124^{214}$. A first reduction is based on the following proposition.


Proposition 6.4.5. For any integers $m$ and $n > 1$,

$$m^r \ (\text{modulo } n) = (m \bmod n)^r \ (\text{modulo } n)$$

Proof: Suppose that $m = qn + (m \bmod n)$. Then

$$m^r = (qn + (m \bmod n))^r$$

In the expansion of the exponentiated binomial on the right, the only term that does not have $n$ as a factor is $(m \bmod n)^r$. Hence,

$$m^r \ (\text{modulo } n) = (m \bmod n)^r \ (\text{modulo } n)$$ ♦

In particular,

$$3124^{214} \ (\text{modulo } 20) = 4^{214} \ (\text{modulo } 20)$$


A further kind of simplification begins with the choice of a convenient power of the base number 4. For instance, choosing the exponent 3 produces the following reduction of the exponent and easy evaluation.

$$\begin{aligned}
4^3 &= 64 \equiv 4 \ (\text{modulo } 20) \\
4^{214} &= (4^3)^{71} \cdot 4 \equiv 4^{71} \cdot 4 = 4^{72} \ (\text{modulo } 20) \\
&= (4^3)^{24} \equiv 4^{24} = (4^3)^{8} \equiv 4^{8} \ (\text{modulo } 20) \\
&= (4^3)^{2} \cdot 4^2 \equiv 4^2 \cdot 4^2 = 4^4 \ (\text{modulo } 20) \\
&= 4^3 \cdot 4 \equiv 4 \cdot 4 = 16 \ (\text{modulo } 20)
\end{aligned}$$

Alternatively, if we choose the exponent 5,

$$\begin{aligned}
4^5 &= 1024 \equiv 4 \ (\text{modulo } 20) \\
4^{214} &= (4^5)^{42} \cdot 4^4 \equiv 4^{42} \cdot 4^4 = 4^{46} \ (\text{modulo } 20) \\
&= (4^5)^{9} \cdot 4 \equiv 4^{9} \cdot 4 = 4^{10} \ (\text{modulo } 20) \\
&= (4^5)^{2} \equiv 4^2 = 16 \ (\text{modulo } 20)
\end{aligned}$$

A theorem of Fermat permits such a calculation to go even more rapidly, when the modulus is prime. Its traditional name is Fermat’s Little Theorem.


Theorem 6.4.6 [Fermat’s Little Theorem]. Let $p$ be a prime number and let $b$ be any integer that is not divisible by $p$. Then

$$b^{p-1} \equiv 1 \ (\text{modulo } p)$$

Proof: Lemma 6.4.3 implies that

$$\prod_{j=1}^{p-1} (jb) \equiv \prod_{j=1}^{p-1} j = (p-1)! \ (\text{modulo } p) \tag{6.4.1}$$

Since multiplication modulo $p$ retains commutativity,

$$\prod_{j=1}^{p-1} (jb) \equiv \prod_{j=1}^{p-1} b \prod_{j=1}^{p-1} j \ (\text{modulo } p) \tag{6.4.2}$$

Combining (6.4.1) and (6.4.2) yields

$$b^{p-1} (p-1)! \equiv (p-1)! \ (\text{modulo } p) \tag{6.4.3}$$

Applying Corollary 6.4.2 to all the factors of $(p-1)!$ in the congruence (6.4.3) implies the result

$$b^{p-1} \equiv 1 \ (\text{modulo } p)$$ ♦


Example 6.4.6: All the numbers

$$1^4 = 1, \quad 2^4 = 16, \quad 3^4 = 81, \quad 4^4 = 256$$

are congruent to 1 modulo 5.

Example 6.4.7: Fermat’s congruence cannot be used when the modulus is not prime. For instance,

$$\begin{aligned}
2^{11} &= 2048 \equiv 8 \ (\text{modulo } 12) \\
3^{11} &= 177147 \equiv 3 \ (\text{modulo } 12)
\end{aligned}$$

Remark: In §6.5, there is a generalization by Euler of Fermat’s Little Theorem.
Wilson’s Theorem

There is still more to be harvested from Corollary 6.4.2, the principle that the numbers $1, \ldots, p-1$ all have multiplicative inverses modulo a prime $p$.

Prop 6.4.7. Let $p$ be a prime number and let $n$ be an integer that is not divisible by $p$. Then $n^2 \equiv 1$ (modulo $p$) if and only if $n \equiv \pm 1$ (modulo $p$).

Proof: Suppose first that $n \equiv \pm 1$ (modulo $p$). That is, there is an integer $k$ such that $n = kp \pm 1$. Then either

$$n^2 = (kp+1)^2 = k^2p^2 + 2kp + 1 \equiv 1 \ (\text{modulo } p)$$

or

$$n^2 = (kp-1)^2 = k^2p^2 - 2kp + 1 \equiv 1 \ (\text{modulo } p)$$

Conversely, suppose that $n^2 \equiv 1$ (modulo $p$). Then $p \backslash n^2 - 1$. It follows that

$$p \backslash (n-1)(n+1)$$

Thus, since $p$ is prime, either $p \backslash n-1$ or $p \backslash n+1$. If $p \backslash n-1$, then $n \equiv 1$ (modulo $p$). If $p \backslash n+1$, then $n \equiv -1$ (modulo $p$). ♦


Cor 6.4.8. Let $p$ be prime. Then $(p-2)! \equiv 1$ (modulo $p$).

Proof: Let $r \in \{2, \ldots, p-2\}$. By Prop 6.4.7, the number $r$ cannot be its own multiplicative inverse modulo $p$, and that inverse must lie in that same range $\{2, \ldots, p-2\}$. It follows that the numbers $2, \ldots, p-2$ can be paired into inverses modulo $p$. Accordingly,

$$\prod_{j=2}^{p-2} j \equiv 1 \ (\text{modulo } p)$$

Thus, $(p-2)! \equiv 1$ (modulo $p$). ♦

Theorem 6.4.9 [Wilson’s Theorem]. The congruence

$$(m-1)! \equiv -1 \ (\text{modulo } m)$$

holds if and only if $m$ is prime.

Proof: If $m$ is prime, then the congruence

$$(m-1)! \equiv -1 \ (\text{modulo } m)$$

follows immediately from Corollary 6.4.8.


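Conversely, if $m$ is not prime, then $m$ has a factor $r$ such that $r \le \lfloor \sqrt{m} \rfloor$, say $rs = m$. If $r < s$, then

$$\begin{aligned}
(m-1)! &= rs \cdot \left(\prod_{j=1}^{r-1} j\right) \left(\prod_{j=r+1}^{s-1} j\right) \left(\prod_{j=s+1}^{m-1} j\right) \\
&\equiv 0 \cdot \left(\prod_{j=1}^{r-1} j\right) \left(\prod_{j=r+1}^{s-1} j\right) \left(\prod_{j=s+1}^{m-1} j\right) \\
&\equiv 0 \not\equiv -1 \ (\text{modulo } m)
\end{aligned}$$

If $r^2 = m = 4$, then

$$(m-1)! = 3! = 6 \not\equiv -1 \ (\text{modulo } 4)$$

Otherwise, i.e., for $m > 6$, we have $\sqrt{m} > 2$, which implies that $2r < m$. Thus,

$$\begin{aligned}
(m-1)! &= r \cdot 2r \cdot \left(\prod_{j=1}^{r-1} j\right) \left(\prod_{j=r+1}^{2r-1} j\right) \left(\prod_{j=2r+1}^{m-1} j\right) \\
&= 2 \cdot r^2 \cdot \left(\prod_{j=1}^{r-1} j\right) \left(\prod_{j=r+1}^{2r-1} j\right) \left(\prod_{j=2r+1}^{m-1} j\right) \\
&\equiv 2 \cdot 0 \cdot \left(\prod_{j=1}^{r-1} j\right) \left(\prod_{j=r+1}^{2r-1} j\right) \left(\prod_{j=2r+1}^{m-1} j\right) \quad (\text{since } r^2 = m \equiv 0 \ (\text{modulo } m)) \\
&\equiv 0 \ (\text{modulo } m)
\end{aligned}$$ ♦

Remark: We have proved a sharpened version of Wilson’s theorem, with values for $(m-1)!$ (modulo $m$) in all cases.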


Quadratic Residues 


DEF: The integer $a$ is a quadratic residue of the integer $m$ if $a \perp m$ and if the congruence

$$x^2 \equiv a \ (\text{modulo } m)$$

has a solution. If the congruence $x^2 \equiv a \bmod m$ has no solution, then $a$ is called a quadratic non-residue of $m$.

Remark: If $c$ and $d$ are congruent, then

$$c^2 \equiv d^2 \ (\text{modulo } m)$$

Thus, the set of numbers $c^2$ such that $1 \le c \le m-1$ and $c \perp m$ is a complete set of quadratic residues of $m$.

Example 6.4.8: According to the remark above, the set

$$\{1 \equiv 1^2, \ 4 \equiv 2^2, \ 2 \equiv 3^2, \ 2 \equiv 4^2, \ 4 \equiv 5^2, \ 1 \equiv 6^2\} = \{1, 2, 4\}$$

is the set of quadratic residues of 7. The numbers 3, 5, and 6 are quadratic non-residues of 7.

Example 6.4.9: The quadratic residues of 11 are

$$1 \equiv 1^2 \equiv 10^2, \quad 4 \equiv 2^2 \equiv 9^2, \quad 9 \equiv 3^2 \equiv 8^2, \quad 5 \equiv 4^2 \equiv 7^2, \quad \text{and} \quad 3 \equiv 5^2 \equiv 6^2$$

The numbers 2, 6, 7, 8, and 10 are quadratic non-residues of 11.

Example 6.4.10: The quadratic residues of 15 are

$$1 \equiv 1^2 \equiv 4^2 \equiv 11^2 \equiv 14^2, \quad 4 \equiv 2^2 \equiv 7^2 \equiv 8^2 \equiv 13^2$$
Finding Solutions to a Quadratic

We now generalize some of the properties that may have been observed in these examples.

POWER OF ODD PRIME AS MODULUS

Theorem 6.4.10. Let $p$ be an odd prime, let $n$ be a positive integer, and let $a$ be an integer not divisible by $p$. Then the congruence

$$x^2 \equiv a \ (\text{modulo } p^n) \tag{6.4.4}$$

has either two distinct solutions in the range $1, \ldots, p^n - 1$ or no solutions at all.

Proof: Suppose that $b$ lies in the range $1, \ldots, p^n - 1$ and that

$$b^2 \equiv a \bmod p^n \tag{6.4.5}$$

Observe that $p^n - b$ lies in the range $1, \ldots, p^n - 1$, and that it is not equal to $b$, since $p^n$ is odd. The calculation

$$\begin{aligned}
(p^n - b)^2 &= p^{2n} - 2bp^n + b^2 \\
&\equiv b^2 \ (\text{modulo } p^n)
\end{aligned}$$

establishes that $p^n - b$ is a second solution to the congruence (6.4.4).

To see that there are no more than these two solutions, consider another putative solution, i.e., a number $c$ such that

$$c^2 \equiv a \ (\text{modulo } p^n) \tag{6.4.6}$$

Congruences (6.4.5) and (6.4.6) together imply that

$$b^2 - c^2 \equiv 0 \ (\text{modulo } p^n)$$

from which it follows that $p^n \backslash b^2 - c^2$, and, equivalently, that

$$p^n \backslash (b-c)(b+c)$$

Thus, either

$$p \backslash b-c \quad \text{or} \quad p \backslash b+c$$

If $p$ were to divide both $b-c$ and $b+c$, then $p$ would divide their sum $2b$. Yet, since $p$ is an odd prime, it cannot divide 2, so it would necessarily divide $b$, implying that it divides $a$, which would contradict the choice of the number $a$. Accordingly, the number $p$ does not divide both $b-c$ and $b+c$. It follows that either

$$p^n \backslash b-c \quad \text{or} \quad p^n \backslash b+c$$

If $p^n \backslash b-c$, then

$$c \equiv b \ (\text{modulo } p^n)$$

On the other hand, if $p^n \backslash b+c$, then

$$c \equiv p^n - b \ (\text{modulo } p^n)$$

We conclude that $c$ is not an additional solution, and that either there are two solutions in the range $1, \ldots, p^n - 1$ or there are none. ♦




Cor 6.4.11. Let $p$ be an odd prime. Then the number of quadratic residues among the numbers $1, \ldots, p-1$ is

$$\frac{p-1}{2}$$

Proof: Since none of the numbers $1, \ldots, p-1$ is divisible by $p$, it follows from Theorem 6.4.10 that the mapping

$$x \mapsto x^2 \bmod p$$

from $1, \ldots, p-1$ to itself is two-to-one. Thus, the image of this mapping, i.e., the set of quadratic residues, has cardinality $\frac{p-1}{2}$. ♦


POWER OF 2 AS MODULUS 


For modulus 2, the number 1 is the only quadratic residue, and the congruence $x^2 \equiv 1 \bmod 2$ has the unique solution $x = 1$. For modulus 4, the numbers 1 and 3 are relatively prime. The number 1 is a quadratic residue, and the number 3 is a quadratic non-residue. The congruence $x^2 \equiv 1 \bmod 4$ has the two solutions $x = 1$ and $x = 3$. For higher powers of 2, there is the following theorem.

Theorem 6.4.12. Let $n$ be an integer greater than 2, and let $a$ be a quadratic residue of $2^n$, whose smallest positive solution is the number $b$. Then in the range $1, \ldots, 2^n - 1$, the congruence

$$x^2 \equiv a \ (\text{modulo } 2^n) \tag{6.4.7}$$

has exactly these four solutions and no others:

$$b, \quad 2^{n-1} - b, \quad 2^{n-1} + b, \quad 2^n - b \tag{6.4.8}$$

Proof: Squaring any of the three other proposed solutions implies immediately that it is a solution to the congruence (6.4.7). It is also clear that the four asserted solutions are mutually non-congruent modulo $2^n$.

To see that there are no other possible solutions, consider a number $c$ such that $c^2 \equiv a$ (modulo $2^n$). Then, since both $b$ and $c$ satisfy the congruence (6.4.7), it follows that

$$b^2 \equiv c^2 \ (\text{modulo } 2^n)$$

Equivalently,

$$2^n \backslash (b-c)(b+c)$$

It may be asserted that 4 cannot divide both $b-c$ and $b+c$, since otherwise, the number 4 would divide their sum $2b$, from which it would follow that $b$ is even, implying that $a$ is even, contrary to the choice of $a$. Accordingly, either

$$2^{n-1} \backslash b-c \quad \text{or} \quad 2^{n-1} \backslash b+c \tag{6.4.9}$$

One alternative under (6.4.9) is that $2^{n-1} \backslash b-c$. Then, for some integer $k$, we have

$$b - c = k2^{n-1} \quad \Rightarrow \quad c = b - k2^{n-1}$$

If $k$ is odd then $c$ is one of the four solutions (6.4.8), since

$$c \equiv 2^{n-1} + b$$

and, similarly, if $k$ is even, then

$$c \equiv 2^n + b$$

The other alternative under (6.4.9) is that $2^{n-1} \backslash b+c$. Then $c = -b + k2^{n-1}$, for some integer $k$. If $k$ is odd then $c \equiv 2^{n-1} - b$, and if $k$ is even, then $c \equiv 2^n - b$, so it is not a fifth solution.

We conclude that either there are four solutions in the range $1, \ldots, 2^n - 1$, as indicated, or there are none. ♦
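Theorems 6.4.10 and 6.4.12 and Cor 6.4.11 can be checked by exhaustive search over small moduli. The following is an added example, not code from the original text; all function names are chosen here, and the check goes beyond the worked examples by sweeping every admissible residue for a given prime power.

```python
from math import gcd


def square_roots_mod(a, m):
    """All x in 1..m-1 with x*x congruent to a modulo m (exhaustive)."""
    return [x for x in range(1, m) if (x * x - a) % m == 0]


def quadratic_residues(m):
    """The squares c*c mod m over 1 <= c <= m-1 with c relatively prime to m."""
    return sorted({(c * c) % m for c in range(1, m) if gcd(c, m) == 1})


def predicted_roots(a, p, n):
    """Solution set the theorems predict for x^2 = a (modulo p^n), built
    from the smallest positive solution b; empty if there is none."""
    m = p ** n
    roots = square_roots_mod(a, m)
    if not roots:
        return []
    b = roots[0]
    if p == 2 and n > 2:
        # Theorem 6.4.12: b, 2^(n-1) - b, 2^(n-1) + b, 2^n - b
        return sorted({b, m // 2 - b, m // 2 + b, m - b})
    # Theorem 6.4.10 (odd p), and the moduli 2 and 4 discussed in the text
    return sorted({b, m - b})


def theorems_hold(p, n):
    """Compare prediction and exhaustive search for every a not divisible by p."""
    m = p ** n
    return all(square_roots_mod(a, m) == predicted_roots(a, p, n)
               for a in range(1, m) if a % p != 0)


if __name__ == "__main__":
    print(quadratic_residues(7), quadratic_residues(11), quadratic_residues(15))
    print(square_roots_mod(17, 32))   # four roots modulo 2^5
    print(square_roots_mod(7, 9))     # two roots modulo 3^2
    print(square_roots_mod(1, 15))    # 15 is not a prime power: four roots
    print(theorems_hold(5, 3), theorems_hold(2, 6))
```

The modulus 15 shows why the hypotheses matter: it is odd but not a prime power, and the residue 1 has four square roots rather than two.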
6.5 EULER PHI-FUNCTION

DEF: The number of positive integers not exceeding $n$ that are relatively prime to $n$ is given by the Euler phi-function $\phi(n)$.

Here are the first few values of the Euler phi-function:

  n     |  1  2  3  4  5  6  7  8  9
  φ(n)  |  1  1  2  2  4  2  6  4  6

It is particularly easy to evaluate $\phi(n)$ when $n$ is prime.

Proposition 6.5.1. If the number $p$ is prime, then

$$\phi(p) = p - 1$$

Conversely, if $\phi(p) = p-1$, then $p$ is prime.

Proof: Suppose that $p$ is a prime number. Then each of the numbers

$$1, 2, \ldots, p-1$$

is relatively prime to $p$, which implies that $\phi(p) = p-1$. Conversely, if $p$ is not a prime number, then at least one of those $p-1$ numbers is not relatively prime to $p$, which implies that $\phi(p) < p-1$. ♦

In this section, we develop some properties of $\phi(n)$ and give a method of calculating that is much simpler than inclusion-exclusion (see Exercises to §3.6).
Euler’s Generalization of Fermat’s Thm

Euler generalized Fermat’s Theorem:

Theorem 6.5.2 [Euler’s Theorem]. Let $b$ and $n$ be integers with $b \perp n$ and $n > 1$. Then

$$b^{\phi(n)} \equiv 1 \ (\text{modulo } n)$$

Proof: We observe that if modulus $n$ is prime, then the conclusion reduces to Fermat’s Thm. More generally, let

$$r_1, r_2, \ldots, r_{\phi(n)}$$

be the set of numbers $< n$ and relatively prime to $n$.

Assertion 1: Each of the numbers

$$br_1, br_2, \ldots, br_{\phi(n)}$$

is relatively prime to the number $n$.

Proof of Assertion 1: Suppose that $p$ is a prime number that divides $n$ and also divides the product $br_j$. Then $p$ would divide either $b$ or $r_j$. Whichever it divides would not be relatively prime to $n$, a contradiction in either case. ♦ Assertion 1

Assertion 2: If $i \ne j$, then $br_i \not\equiv br_j$ (modulo $n$).

Proof of Assertion 2: Suppose that $n \backslash b(r_i - r_j)$. Since $n \perp b$, none of the prime divisors of $n$ divides $b$. It follows that $n \backslash r_i - r_j$. Since $|r_i - r_j| < n$, it follows that $r_i = r_j$, and thus, that $i = j$, a contradiction. ♦ Assertion 2

Asrt 3: $br_1 \cdot br_2 \cdots br_{\phi(n)} \equiv r_1 r_2 \cdots r_{\phi(n)}$ (modulo $n$).

Proof of Assertion 3: It follows from Assertions 1 and 2 and the pigeonhole principle that the values

$$br_1 \bmod n, \ \ldots, \ br_{\phi(n)} \bmod n$$

are a perm of the values $r_1, \ldots, r_{\phi(n)}$. ♦ Assertion 3

Completion of Proof: Assertion 3 implies that

$$b^{\phi(n)} r_1 r_2 \cdots r_{\phi(n)} \equiv r_1 r_2 \cdots r_{\phi(n)} \ (\text{modulo } n)$$

and, in turn, that

$$n \backslash (b^{\phi(n)} - 1) \, r_1 r_2 \cdots r_{\phi(n)}$$

Since each of the numbers $r_j$ is relatively prime to $n$, it follows that

$$n \backslash (b^{\phi(n)} - 1)$$

Thus, $b^{\phi(n)} \equiv 1$ (modulo $n$). ♦

Example 6.5.1: The numbers relatively prime to 15 are

$$1 \quad 2 \quad 4 \quad 7 \quad 8 \quad 11 \quad 13 \quad 14$$

Thus, $\phi(15) = 8$. The numbers 4 and 7 are relatively prime to 15. We observe that

$$\begin{aligned}
4^8 &= 16^4 \equiv 1^4 = 1 \bmod 15 \\
7^8 &= 49^4 \equiv 4^4 = 16^2 \equiv 1^2 = 1 \bmod 15
\end{aligned}$$
Evaluating the Phi-Function

Prop 6.5.1 was a first step toward a general formula for $\phi(n)$. We now continue the pursuit of a formula.

Thm 6.5.3. Let $p$ be a prime number and $e$ a positive integer. Then

$$\phi(p^e) = p^e - p^{e-1}$$

Proof: A number is not relatively prime to $p^e$ if and only if it is divisible by $p$. In the integer interval $[1 : p^e]$, the numbers divisible by $p$ are

$$p, \ 2p, \ 3p, \ \ldots, \ p^{e-1} p$$

The cardinality of the complementary set is $p^e - p^{e-1}$.

Example 6.5.2: If $p = 2$, then the numbers relatively prime to $2^e$ are the odd numbers less than $2^e$. Clearly, there are

$$\frac{2^e}{2} = 2^e - 2^{e-1}$$

such odd numbers.

DEF: A function $f : \mathbb{Z}^+ \to \mathbb{Z}^+$ is a multiplicative function if whenever $m \perp n$

$$f(mn) = f(m) f(n)$$

Thm 6.5.4. The Euler phi-function is multiplicative.
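Proof: Let $m$ and $n$ be integers such that $m \perp n$. Then

$$\begin{aligned}
\phi(mn) &= \sum_{b=0}^{mn-1} (b \perp mn) && \text{(definition of } \phi\text{)} \\
&= \sum_{b=0}^{mn-1} (b \perp m)(b \perp n) && \text{(Theorem A2.2)} \\
&= \sum_{b=0}^{mn-1} (b \bmod m \perp m)(b \bmod n \perp n) && \text{(Prop 6.1.1)} \\
&= \sum_{j=0}^{m-1} \sum_{k=0}^{n-1} (j \bmod m \perp m)(k \bmod n \perp n) && \text{(Thm 6.2.3)} \\
&= \sum_{j=0}^{m-1} (j \bmod m \perp m) \sum_{k=0}^{n-1} (k \bmod n \perp n) \\
&= \phi(m)\,\phi(n)
\end{aligned}$$ ♦

Example 6.5.3: By sequential testing, we determine that the numbers relatively prime to 36 are

$$1 \quad 5 \quad 7 \quad 11 \quad 13 \quad 17 \quad 19 \quad 23 \quad 25 \quad 29 \quad 31 \quad 35$$

Thus, $\phi(36) = 12$. Either by sequential testing of the smaller positive integers or by Theorem 6.5.3, we see that $\phi(4) = 2$ and $\phi(9) = 6$. Thus

$$\phi(36) = 12 = 2 \cdot 6 = \phi(4)\,\phi(9)$$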
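Theorem 6.5.5. Let $b$ be a positive integer with the prime power factorization

$$b = p_1^{e_1} \cdots p_r^{e_r}$$

Then

$$\phi(b) = \prod_{j=1}^{r} \left(p_j^{e_j} - p_j^{e_j - 1}\right)$$

Proof: This follows immediately from Theorems 6.5.3 and 6.5.4. ♦

Corollary 6.5.6. Let $b$ be a positive integer with the prime power factorization

$$b = p_1^{e_1} \cdots p_r^{e_r}$$

Then

$$\phi(b) = b \prod_{j=1}^{r} \left(1 - \frac{1}{p_j}\right)$$

Proof: Starting from Theorem 6.5.5,

$$\begin{aligned}
\phi(b) &= \prod_{j=1}^{r} \left(p_j^{e_j} - p_j^{e_j - 1}\right) \\
&= \prod_{j=1}^{r} p_j^{e_j} \left(1 - \frac{1}{p_j}\right) \\
&= b \prod_{j=1}^{r} \left(1 - \frac{1}{p_j}\right)
\end{aligned}$$ ♦

Example 6.5.4: $60 = 2^2 \cdot 3 \cdot 5$. By Corollary 6.5.6,

$$\phi(60) = 60 \left(1 - \frac{1}{2}\right) \left(1 - \frac{1}{3}\right) \left(1 - \frac{1}{5}\right) = 16$$

The sixteen numbers relatively prime to 60 are

$$\begin{array}{rrrrrrrr}
1 & 7 & 11 & 13 & 17 & 19 & 23 & 29 \\
31 & 37 & 41 & 43 & 47 & 49 & 53 & 59
\end{array}$$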

By combining Corollary 6.5.6 with Euler’s theorem, 
we can quickly evaluate some otherwise hard-looking con- 
gruences. 


Example 6.5.5: In reducing each of these congruences 
of an exponentiated expression, first the base is reduced 
by dividing by the modulus m, and then the exponent is 
reduced by dividing by ¢(m). 

230° med 15 -=.4°" mod) 15-4" med 15: 4 
1728" mod, 35-=.13°"" mod 35> = 13" modi35 = 13 
1205?*?? mod 21) =<87'° aod 21 8° ined 21,6 
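The two-stage reduction described in Example 6.5.5 only applies when the base is relatively prime to the modulus, which is the hypothesis of Euler's theorem. The following is an added example, not code from the original text; the function names are chosen here, the exponent 1201 and the case 2^8 modulo 20 are constructed inputs, and the other inputs come from the worked examples in §6.4.

```python
from math import gcd


def phi(n):
    """Euler phi-function via Corollary 6.5.6, using trial division."""
    result, p = n, 2
    while p * p <= n:
        if n % p == 0:
            while n % p == 0:
                n //= p
            result -= result // p      # multiply by (1 - 1/p)
        p += 1
    if n > 1:                          # one prime factor above sqrt(n) is left
        result -= result // n
    return result


def power_mod(b, e, m):
    """b**e modulo m by repeated squaring; no large power is ever formed."""
    result, b = 1 % m, b % m
    while e > 0:
        if e & 1:
            result = result * b % m
        b = b * b % m
        e >>= 1
    return result


def reduce_and_evaluate(b, e, m):
    """Return (reduced base, reduced exponent, value of b**e modulo m).
    The exponent is reduced modulo phi(m) only when the base is
    relatively prime to m; otherwise it is left unchanged."""
    base = b % m
    exponent = e % phi(m) if gcd(base, m) == 1 else e
    return base, exponent, power_mod(base, exponent, m)


def naive_reduction(b, e, m):
    """Reduces the exponent modulo phi(m) without checking gcd(b, m)."""
    return power_mod(b % m, e % phi(m), m)


if __name__ == "__main__":
    print(phi(15), phi(36), phi(60))
    print(reduce_and_evaluate(3124, 214, 20))   # base 4 shares a factor with 20
    print(reduce_and_evaluate(1728, 1201, 35))  # constructed exponent
    print(naive_reduction(2, 8, 20), power_mod(2, 8, 20))  # these disagree
    print(power_mod(2, 11, 12), power_mod(3, 11, 12))      # Example 6.4.7
```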


Summing Phi over Divisors of n 


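We are now concerned with proving the following classical result:

$$\sum_{d \backslash n} \phi(d) = n$$

The proof is most easily understood as a generalization of an example.

Example 6.5.6: The divisors of 12 are

$$d = 1 \quad 2 \quad 3 \quad 4 \quad 6 \quad 12$$

The sum of the values of $\phi(d)$ is

$$\sum_{d \backslash 12} \phi(d) = 1 + 1 + 2 + 2 + 2 + 4 = 12$$

This phenomenon can be explained by considering the unreduced fractions of the form $\frac{j}{12}$, for $j = 1, \ldots, 12$:

$$\frac{1}{12} \quad \frac{2}{12} \quad \frac{3}{12} \quad \frac{4}{12} \quad \frac{5}{12} \quad \frac{6}{12} \quad \frac{7}{12} \quad \frac{8}{12} \quad \frac{9}{12} \quad \frac{10}{12} \quad \frac{11}{12} \quad \frac{12}{12}$$

First reduce them to

$$\frac{1}{12} \quad \frac{1}{6} \quad \frac{1}{4} \quad \frac{1}{3} \quad \frac{5}{12} \quad \frac{1}{2} \quad \frac{7}{12} \quad \frac{2}{3} \quad \frac{3}{4} \quad \frac{5}{6} \quad \frac{11}{12} \quad \frac{1}{1}$$

and then regroup them according to their denominators

$$\underbrace{\tfrac{1}{1}}_{1 = \phi(1)} \quad \underbrace{\tfrac{1}{2}}_{1 = \phi(2)} \quad \underbrace{\tfrac{1}{3} \ \tfrac{2}{3}}_{2 = \phi(3)} \quad \underbrace{\tfrac{1}{4} \ \tfrac{3}{4}}_{2 = \phi(4)} \quad \underbrace{\tfrac{1}{6} \ \tfrac{5}{6}}_{2 = \phi(6)} \quad \underbrace{\tfrac{1}{12} \ \tfrac{5}{12} \ \tfrac{7}{12} \ \tfrac{11}{12}}_{4 = \phi(12)}$$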


The set of numerators in each reduced subgrouping is precisely the set of numbers that are relatively prime to the common denominator of that subgrouping. Thus, the number of fractions in the subgrouping corresponding to the divisor $d$ of 12 equals $\phi(d)$. Since the subgroupings effectively partition the original set of unreduced fractions, it follows that

$$\sum_{d \backslash 12} \phi(d) = 12$$

Theorem 6.5.7. Let $n$ be any positive integer. Then

$$\sum_{d \backslash n} \phi(d) = n$$


Proof: For each divisor $d$ of $n$, the value $\phi(d)$ equals the number of unreduced fractions in the set

$$\frac{1}{n}, \ \frac{2}{n}, \ \ldots, \ \frac{n}{n}$$

whose denominator is $d$ after reduction. Since every one of the $n$ unreduced fractions reduces to a unique reduced fraction, the conclusion follows. ♦

Example 6.5.7: The divisors of 15 are

$$d = 1 \quad 3 \quad 5 \quad 15$$

The sum of the values of $\phi(d)$ is

$$\sum_{d \backslash 15} \phi(d) = 1 + 2 + 4 + 8 = 15$$
6.6 THE MOBIUS FUNCTION


August F. Mobius (1790-1868), a student of Gauss, 
was later a professor of mathematics at Leipzig, whose 
most celebrated mathematical association is quite likely 
with the surface called a Mobius strip, which is one-sided 
when imbedded in 3-dimensional space. He was also an 
astronomer. This section concerns one of his contributions 
to classical number theory, the Mobius function, and its 
use in a summation principle called Mobius inversion. 


DEF: The Mobius function $\mu(n)$ is defined recursively on the positive integers as follows:

$$\begin{aligned}
\mu(1) &= 1 \\
\mu(n) &= -\sum_{d=1}^{n-1} (d \backslash n)\,\mu(d) \quad \text{if } n > 1
\end{aligned}$$

Example 6.6.1: We consider the smallest cases.

$$\begin{aligned}
\mu(2) &= -\mu(1) = -1 \\
\mu(3) &= -\mu(1) = -1 \\
\mu(4) &= -\mu(1) - \mu(2) = -1 - (-1) = 0 \\
\mu(5) &= -\mu(1) = -1 \\
\mu(6) &= -\mu(1) - \mu(2) - \mu(3) = -1 - (-1) - (-1) = 1 \\
\mu(7) &= -\mu(1) = -1 \\
\mu(8) &= -\mu(1) - \mu(2) - \mu(4) = -1 - (-1) - 0 = 0 \\
\mu(9) &= -\mu(1) - \mu(3) = -1 - (-1) = 0 \\
\mu(10) &= -\mu(1) - \mu(2) - \mu(5) = -1 - (-1) - (-1) = 1 \\
\mu(11) &= -\mu(1) = -1 \\
\mu(12) &= -\mu(1) - \mu(2) - \mu(3) - \mu(4) - \mu(6)
\end{aligned}$$


We observe that on each of the primes 2, 3, 5, 7, and 11, 
the value of the Mobius function is —1. It is easy enough 
to prove that this is true of all primes. 


Lemma 6.6.1. Let $p$ be a prime number. Then

$$\mu(p) = -1$$

Proof: Since 1 is the only proper divisor of a prime number $p$, it follows that

$$\mu(p) = -\sum_{d=1}^{p-1} (d \backslash p)\,\mu(d) = -\mu(1) = -1$$ ♦

We observe also in Example 6.6.1 that

$$\mu(4) = \mu(8) = \mu(9) = 0$$

and, suspecting that $\mu$ is 0-valued on every prime power, we might check a few more and then confirm our hunch.
Example 6.6.1, cont.: We check the next few small cases of prime powers.

$$\begin{aligned}
\mu(16) &= -\mu(1) - \mu(2) - \mu(4) - \mu(8) = -1 - (-1) - 0 - 0 = 0 \\
\mu(25) &= -\mu(1) - \mu(5) = -1 - (-1) = 0 \\
\mu(27) &= -\mu(1) - \mu(3) - \mu(9) = -1 - (-1) - 0 = 0
\end{aligned}$$

Lemma 6.6.2. Let $p^k$ be a prime power with $k \ge 2$. Then

Proof: Since all the divisors of $p^k$ are of the form $p^j$, it follows that

$$\mu(p^k) = -\sum_{j=0}^{k-1} \mu(p^j)$$

BASIS: $k = 2$

$$\begin{aligned}
\mu(p^2) &= -\mu(1) - \mu(p) \\
&= -1 - (-1) \\
&= 0
\end{aligned}$$

IND STEP: Assume true for $j = 2, \ldots, k-1$. Then

$$\begin{aligned}
\mu(p^k) &= -\mu(1) - \mu(p) - \mu(p^2) - \cdots - \mu(p^{k-1}) \\
&= -1 - (-1) - 0 - \cdots - 0 \\
&= 0
\end{aligned}$$ ♦
About Multiplicative Functions

It is proved in §6.5 that the Euler function $\phi(n)$ is multiplicative. That is, whenever $m \perp n$

$$\phi(mn) = \phi(m)\,\phi(n)$$

In anticipation of calculating the values of the Mobius function, we prove two general theorems about multiplicative functions, after a preparatory lemma.

Lemma 6.6.3. Let $m$ and $n$ be relatively prime numbers. Then each divisor $d$ of the product $mn$ has a unique representation as the product $d = d_1 d_2$ of a pair of integers $d_1$ and $d_2$ such that $d_1 \backslash m$ and $d_2 \backslash n$.

Proof: By the Fundamental Theorem of Arithmetic, the integer $d$ has a factorization into prime powers, each of which divides either $m$ or $n$, but not both, since $m \perp n$. The unique representation is

$$d_1 = \gcd(d, m) \quad \text{and} \quad d_2 = \gcd(d, n)$$ ♦

Theorem 6.6.4. Let $f(n)$ be a function on the positive integers, and let $F(n)$ be the function

$$F(n) = \sum_{d \backslash n} f(d)$$

If $f(n)$ is multiplicative, then so is $F(n)$.
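Proof: Let $m$ and $n$ be relatively prime numbers. Then

$$\begin{aligned}
F(m)F(n) &= \sum_{d_1 \backslash m} f(d_1) \sum_{d_2 \backslash n} f(d_2) && \text{(definition of } F\text{)} \\
&= \sum_{d_1 \backslash m} \sum_{d_2 \backslash n} f(d_1) f(d_2) && \text{(distribution of mult)} \\
&= \sum_{d_1 \backslash m} \sum_{d_2 \backslash n} f(d_1 d_2) && \text{(} f \text{ is multiplicative)} \\
&= \sum_{(d_1, d_2) \,:\, d_1 \backslash m \,\wedge\, d_2 \backslash n} f(d_1 d_2) \\
&= \sum_{d \backslash mn} f(d) && \text{(Lemma 6.6.3)}
\end{aligned}$$

Example 6.6.2: To illustrate Theorem 6.6.4, let $f$ be a multiplicative function, $m = 10$ and $n = 9$. Then

$$\begin{aligned}
F(90) &= f(1) + f(2) + f(3) + f(5) + f(6) + f(9) \\
&\quad + f(10) + f(15) + f(18) + f(30) + f(45) + f(90) \\
&= f(1 \cdot 1) + f(2 \cdot 1) + f(1 \cdot 3) + f(5 \cdot 1) + f(2 \cdot 3) \\
&\quad + f(1 \cdot 9) + f(10 \cdot 1) + f(5 \cdot 3) + f(2 \cdot 9) + f(10 \cdot 3) \\
&\quad + f(5 \cdot 9) + f(10 \cdot 9)
\end{aligned}$$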
The following theorem inverts the relationship of Theorem 6.6.4. It enables us to prove that the Mobius function $\mu$ is multiplicative, which is the key property in establishing a formula for the values of $\mu$.

Theorem 6.6.5. Let $f$ be any function on the positive integers such that the sum

$$F(m) = \sum_{d \backslash m} f(d)$$

is a multiplicative function. Then $f$ itself is a multiplicative function.

Proof: By induction.

BASIS: Since $F$ is multiplicative, it follows that $F(1) = 1$. Thus

$$f(1) = \sum_{d \backslash 1} f(d) = F(1) = 1$$

IND HYP: Assume that $f(mn) = f(m)f(n)$ for $m \perp n$ whenever $mn < s$.

IND STEP: Suppose that $m \perp n$ and that $mn = s$. Then

$$F(mn) = \sum_{d \backslash mn} f(d) = \sum_{b \backslash m} \sum_{c \backslash n} f(bc)$$

We infer that $b \perp c$ within the double sum, since $b \backslash m$ and $c \backslash n$, with $m \perp n$. Thus, by the induction hypothesis, we have

$$\begin{aligned}
F(mn) &= \left(\sum_{b \backslash m} \sum_{c \backslash n} f(b) f(c)\right) - f(m)f(n) + f(mn) \\
&= \left(\sum_{b \backslash m} f(b) \sum_{c \backslash n} f(c)\right) - f(m)f(n) + f(mn) \\
&= F(m)F(n) - f(m)f(n) + f(mn) && \text{(def of } F\text{)}
\end{aligned}$$

It is given that $F$ is multiplicative, which means that $F(mn) = F(m)F(n)$. It follows that

$$f(mn) = f(m)f(n)$$

Thus, $f$ is multiplicative. ♦


Evaluating Mu 


Thm 6.6.6. The Mobius function $\mu$ is multiplicative.

Proof: Immediately from the definition of $\mu$, the function

$$F(m) = \sum_{d \backslash m} \mu(d)$$

has the value

$$\begin{cases} 1 & \text{if } m = 1 \\ 0 & \text{otherwise} \end{cases}$$

Thus, the function $F(m)$ is multiplicative. It follows from Theorem 6.6.5 that the function $\mu$ is multiplicative. ♦
Thm 6.6.7. Let $p_1, \ldots, p_r$ be different primes. Then

$$\mu(p_1^{e_1} \cdots p_r^{e_r}) = \begin{cases} (-1)^r & \text{if } e_1 = \cdots = e_r = 1 \\ 0 & \text{if } e_j \ge 2, \text{ for any } j \end{cases}$$

Proof: This follows from Lemma 6.6.1, Lemma 6.6.2, and the fact that $\mu$ is multiplicative. ♦

Example 6.6.3: We use Theorem 6.6.7 to determine some values of $\mu(n)$.

$$\begin{aligned}
\mu(1) &= 1 \\
\mu(2) &= -1 \\
\mu(4) &= \mu(2^2) = 0 \\
\mu(6) &= \mu(2 \cdot 3) = (-1)^2 = 1 \\
\mu(12) &= \mu(2^2 \cdot 3) = 0 \\
\mu(30) &= \mu(2 \cdot 3 \cdot 5) = (-1)^3 = -1 \\
\mu(210) &= \mu(2 \cdot 3 \cdot 5 \cdot 7) = (-1)^4 = 1
\end{aligned}$$

Mobius Inversion 


The following identity facilitates the manipulation of 
a summation indexed over a lattice of divisors. 


Lemma 6.6.8. Let m and k be positive integers. Then 


(bem) = {Ms 2] 
Proof: First suppose that k \d\m. Take c = : Then


a = i = a with c\T 


Conversely, suppose that c \ = Take d = ck. ‘Then 


mit = OE =F with k\d\m © 





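Theorem 6.6.9 [Mobius Inversion Principle]. The integer function $F$ is related to the integer function $f$ by the summation

$$F(m) = \sum_{d \backslash m} f(d)$$

if and only if the function $f$ is related to the function $F$ by the summation

$$f(m) = \sum_{d \backslash m} \mu\!\left(\frac{m}{d}\right) F(d)$$

Proof: First suppose that

$$F(m) = \sum_{d \backslash m} f(d)$$

Then

$$\begin{aligned}
\sum_{d \backslash m} \mu\!\left(\frac{m}{d}\right) F(d) &= \sum_{d \backslash m} \mu\!\left(\frac{m}{d}\right) \sum_{k \backslash d} f(k) && \text{(subst for } F(d)\text{)} \\
&= \sum_{d \backslash m} \sum_{k \backslash d} \mu\!\left(\frac{m}{d}\right) f(k) \\
&= \sum_{k \backslash m} \sum_{k \backslash d \backslash m} \mu\!\left(\frac{m}{d}\right) f(k) && \text{(swap sum order)} \\
&= \sum_{k \backslash m} f(k) \sum_{k \backslash d \backslash m} \mu\!\left(\frac{m}{d}\right) \\
&= \sum_{k \backslash m} f(k) \sum_{c \backslash \frac{m}{k}} \mu(c) && \text{(Lemma 6.6.8)} \\
&= \sum_{k \backslash m} f(k) \left(\frac{m}{k} = 1\right) && \text{(definition of } \mu\text{)} \\
&= \sum_{k \backslash m} f(k)\,(k = m) \\
&= f(m)
\end{aligned}$$

This completes the “forward” direction.

Conversely, suppose that

$$f(m) = \sum_{d \backslash m} \mu\!\left(\frac{m}{d}\right) F(d)$$

Then

$$\begin{aligned}
\sum_{d \backslash m} f(d) &= \sum_{d \backslash m} \sum_{k \backslash d} \mu\!\left(\frac{d}{k}\right) F(k) && \text{(subst for } f(d)\text{)} \\
&= \sum_{k \backslash m} \sum_{k \backslash d \backslash m} \mu\!\left(\frac{d}{k}\right) F(k) && \text{(swap sum order)} \\
&= \sum_{k \backslash m} F(k) \sum_{k \backslash d \backslash m} \mu\!\left(\frac{d}{k}\right) && \text{(rearrange summands)} \\
&= \sum_{k \backslash m} F(k) \sum_{c \backslash \frac{m}{k}} \mu(c) && \text{(Lemma 6.6.8)} \\
&= \sum_{k \backslash m} F(k) \left(\frac{m}{k} = 1\right) && \text{(definition of } \mu\text{)} \\
&= \sum_{k \backslash m} F(k)\,(k = m) \\
&= F(m)
\end{aligned}$$ ♦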


Example 6.6.4: We recall from Theorem 6.5.7 that

$$\sum_{d \backslash n} \phi(d) = n$$

For $n = 6$, the sum on the left is

$$\phi(1) + \phi(2) + \phi(3) + \phi(6) = 1 + 1 + 2 + 2 = 6 = n$$

According to the Mobius inversion principle, one expects that

The value of this sum is

$$\begin{aligned}
&\mu(6) \cdot 1 + \mu(3) \cdot 2 + \mu(2) \cdot 3 + \mu(1) \cdot 6 \\
&= 1 \cdot 1 + (-1) \cdot 2 + (-1) \cdot 3 + 1 \cdot 6 \\
&= 1 - 2 - 3 + 6 \\
&= 2 \\
&= \phi(6)
\end{aligned}$$

which serves as empirical confirmation.
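The recursive definition of the Mobius function, the closed form of Theorem 6.6.7, and the inversion of Theorem 6.6.9 can be checked against each other numerically. The following is an added example, not code from the original text; all function names are chosen here, and the check goes beyond Example 6.6.4 by inverting an arbitrary (non-multiplicative) function as well as the divisor sum of the phi-function.

```python
from functools import lru_cache
from math import gcd


def divisors(n):
    """All positive divisors of n, in ascending order."""
    return [d for d in range(1, n + 1) if n % d == 0]


@lru_cache(maxsize=None)
def mu_recursive(n):
    """Recursive definition: mu(1) = 1, and for n > 1 the negated sum
    of mu(d) over the proper divisors d of n."""
    if n == 1:
        return 1
    return -sum(mu_recursive(d) for d in divisors(n) if d < n)


def mu_formula(n):
    """Theorem 6.6.7: 0 if the square of a prime divides n,
    otherwise (-1)^r where r is the number of prime factors."""
    r, p = 0, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:       # p divides the original n at least twice
                return 0
            r += 1
        p += 1
    if n > 1:                    # one remaining prime factor
        r += 1
    return (-1) ** r


def phi_by_count(n):
    """Euler phi-function straight from its definition."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def summatory(f, m):
    """F(m): the sum of f(d) over the divisors d of m."""
    return sum(f(d) for d in divisors(m))


def mobius_invert(F, m):
    """f(m) recovered as the sum of mu(m/d) * F(d) over the divisors d of m."""
    return sum(mu_formula(m // d) * F(d) for d in divisors(m))


if __name__ == "__main__":
    print([mu_recursive(n) for n in range(1, 13)])
    print(summatory(phi_by_count, 12))            # Theorem 6.5.7 for n = 12
    print(mobius_invert(lambda d: d, 6))          # Example 6.6.4: phi(6)
    f = lambda n: n * n + 1                       # constructed, not multiplicative
    print([mobius_invert(lambda m: summatory(f, m), m) for m in (6, 12, 30)])
```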


